Summary:
Key points:
- Increase in new ransomware samples in October compared to September.
- MEDUSALOCKER ransomware showed significant growth in sample numbers.
- Statistics are based on detection names by AhnLab and data from ATIP infrastructure.
- Details on targeted companies will be provided in subsequent sections.
MITRE Techniques
- Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
- Data Encrypted for Impact (T1486): Ransomware encrypts data to render it inaccessible to users, demanding payment for decryption.
- Exfiltration Over Command and Control Channel (T1041): Data is exfiltrated through the same channel used for command and control.
- Credential Dumping (T1003): Techniques used to obtain credentials from operating systems and software.
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in October 2024, as well as notable ransomware issues in Korea and other countries. The following is a brief summary.
The numbers of ransomware samples and targeted systems are based on the detection names designated by AhnLab. The statistics on targeted businesses are based on the time at which the ATIP infrastructure collected the information from each ransomware group’s Dedicated Leak Site (DLS, identical to ransomware PR sites or PR pages).
Summary of Statistical Data
The following shows the total number of new ransomware samples collected in the past 6 months.
In October, the number of new samples increased slightly compared to September. This is due to an increase in MEDUSALOCKER ransomware samples, which accounted for only a very small number in last month's statistics. The malware types that make up the new samples in October are examined in more detail in this report.
Targeted Companies by Ransomware Group
The following statistics are based on the targeted companies that ransomware groups posted on their DLS, as collected by ATIP. For some ransomware groups, the information was collected late or not collected at all. Please refer to “Statistics on Damage Companies Affected by Ransomware Groups (External)” in the next section.
Below are some of the lists of affected companies that have been made public by each ransomware group.